Menu
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
Computer IT Services & Marketing
  • Technology
    • Managed Services
    • Computer Repair
    • Consulting
  • Cybersecurity
    • BDR
    • Network Security
    • Computer Security
    • Data Recovery
  • Communication
    • Cabling
    • Wireless Networking
    • Phones
  • Marketing
    • Website Development
    • Search Engine Optimization
    • Social Media & Online Presence
    • Location Scan
    • Website & Email Management
    • Online Advertising
    • Multimedia Design
    • Newsletter
  • CALL: 337-214-1172

HOME  |  BLOG  |  REMOTE SUPPORT

Home
Support
Blog
Contact
Close Menu
Update NinjaForms In WordPress To Avoid Potential Hack
May 15 2020

Update NinjaForms In WordPress To Avoid Potential Hack

wukovits Blog, Business Advice, General Interest, Malware and Virus Protection, Security, Technology News

Are you one of the million-plus website owners making use of Ninja Forms for WordPress? If so, be aware that the company has recently patched a serious security flaw that allowed hackers to inject malicious code and take over websites.

The attack is accomplished via a Cross-Site Request Forgery (CSRF) that leads to a Stored Cross-Site Script attack.

All versions of Ninja Forms from 3.4.24.2 and earlier are vulnerable.

Wordfence QA Engineer Ram Gall had this to say about the vulnerability:

“Depending on where the JavaScript was placed in the imported form, it could be executed in a victim’s browser whenever they visited a page containing the form, whenever an Administrator visited the plugin’s Import/Export page, or whenever an Administrator attempted to edit any of the form’s fields.

As is typical with Cross-Site Scripting (XSS) attacks, a malicious script executed in an Administrator’s browser could be used to add new administrative accounts, leading to complete site takeover, while a malicious script executed in a visitor’s browser could be used to redirect that visitor to a malicious site.”

The plugin’s developers took swift action. They were informed of the issue by Wordforce on April 27th, 2020, and issued a patch just five days later. Unfortunately, based on the company’s statistics, the majority of sites making use of Ninja Forms (more than 800,000) are running old versions, and are still vulnerable.

Wordfence has rated this security flaw with a CVSS score of 8.8, which makes it a high severity issue. If you use the plugin in any capacity, it’s important that you patch to the latest version as soon as possible to help keep your system secure.

Kudos to the sharp-eyed team at Wordfence for spotting the issue, and to the Ninja Forms development team for their fast action in delivering a patch!

Used with permission from Article Aggregator

Tweets Can No Longer Be Sent From SMS To Twitter Emails Saying Your Antivirus Is Expired Are Likely A Scam

Related Posts

Big Changes Coming To Microsoft Outlook In Coming Years

Blog, General Interest, Microsoft, Recent News, Technology News

Big Changes Coming To Microsoft Outlook In Coming Years

Hacker Attacks On Healthcare Industry Are On The Rise

Blog, General Interest, Recent News, Security, Technology News

Hacker Attacks On Healthcare Industry Are On The Rise

Adobe Flash Has Reached End of Life Status

Blog, General Interest, Recent News, Security, Technology News

Adobe Flash Has Reached End of Life Status

Recent Posts

  • Big Changes Coming To Microsoft Outlook In Coming Years
  • Hacker Attacks On Healthcare Industry Are On The Rise
  • Adobe Flash Has Reached End of Life Status

Archives

Categories

Get a Domain Registered


$.99* .COM Domain! Get going with GoDaddy!

Back To Top
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
  • Home
  • Technology
  • Cybersecurity
  • Communication
  • Marketing
  • Newsletter
  • Blog
  • Support
  • Contact

BBB Logo

Bayou Technologies, LLC
✖
Bayou Technologies is a BBB Accredited Busines
A+
On a scale of A+ to F

Reviewed, Evaluated and Accredited

Meets All 26 Standards of Accreditation

BBB Accredited since 1/1/2012

Click here for BBB Business Report on Bayou Technologies, LLC

BBB Accredited:

BBB Rating as of:

Verify Bayou Technologies, LLC
Bayou Technologies, LLC © 2019
Website Development and Marketing in Lake Charles, Louisiana
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.